Closed ITz-net closed 4 years ago
Hi, if all versions fail, I guess something is wrong in your setup. Can you first check these points:
glorytun path and the option rate is mandatory.
It's not clock trouble, both client and server are in the same timezone and synchronized with ntp.
Path is not the main trouble for now, is there a command to see all path configuration?
Ping is good, both isp answered, I think maybe it is something with UDP, but OpenVPN with UDP worked fine.. hmm
I will try tomorrow to post my full configuration, logs..
The command to show all paths is glorytun path.
I use the pre-compiled version of glorytun 0.2.2 for client and server, all run as the root user:
wget https://github.com/angt/glorytun/releases/download/v0.2.2/glorytun-0.2.2-x86_64-linux-musl.bin
mv glorytun-0.2.2-x86_64-linux-musl.bin glorytun
chmod +x glorytun
so my configs, server side:
first create key
./glorytun keygen > gt.key
then run glorytun bound to the server ip and port, with the tun interface (if needed); I use chacha, my client does not support aes..
./glorytun bind 195.245.103.245 55055 dev tun0 keyfile gt.key chacha
adding ip address to tun0 interface:
ifconfig tun0 10.0.1.1 pointopoint 10.0.1.2 up
route traffic from glorytun tunnel (tun0) to internet (eth0):
masquerade traffic from glorytun tunnel to internet:
iptables -t nat -I POSTROUTING -s 10.0.1.0/24 -o eth0 -j MASQUERADE
accept input traffic from tun0 interface:
iptables -I INPUT -i tun0 -j ACCEPT
enable forward traffic between tun0 (glorytun) and eth0(internet) interfaces:
iptables -I FORWARD -i eth0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o eth0 -j ACCEPT
client side (for now everything is run manually for debug):
running glorytun from client (gt.key same as on server gt.key):
./glorytun bind 0.0.0.0 to 195.245.103.245 55055 dev tun0 keyfile gt.key chacha
running on device tun0 as pid 4019
adding ip address to tun0 interface:
ifconfig tun0 10.0.1.2 pointopoint 10.0.1.1 up
check that the interface is created and up, also check ip and other info with this command:
ip a
tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1280 qdisc fq_codel state UNKNOWN group default qlen 500
    link/none
    inet 10.0.1.2 peer 10.0.1.1/32 scope global tun0
       valid_lft forever preferred_lft forever
adding first path:
./glorytun path up 192.168.1.100 rate tx 50mbit rx 50mbit
check tunnel connection with server ip:
ping 10.0.1.1
PING 10.0.1.1 (10.0.1.1) 56(84) bytes of data.
64 bytes from 10.0.1.1: icmp_seq=1 ttl=64 time=49.4 ms
64 bytes from 10.0.1.1: icmp_seq=2 ttl=64 time=50.2 ms
64 bytes from 10.0.1.1: icmp_seq=3 ttl=64 time=54.3 ms
64 bytes from 10.0.1.1: icmp_seq=4 ttl=64 time=60.3 ms
64 bytes from 10.0.1.1: icmp_seq=5 ttl=64 time=52.8 ms
check first path:
./glorytun path
path UP
status: OK
bind: 192.168.1.100 port 5000
public: xxx.xxx.144.148 port 36085
peer: 195.245.103.245 port 55055
mtu: 1472 bytes
rtt: 53.901 ms
rttvar: 6.090 ms
tx:
rate: 6250000 bytes/sec
loss: 0 percent
total: 120 packets
rx:
rate: 6250000 bytes/sec
loss: 0 percent
total: 79 packets
trying to add a second path: it automatically takes status DEGRADED at first, I think that's okay; after that I ping 10.0.1.1 and re-check the status, the second path status is OK, so multi-path works! :-)
./glorytun path up 192.168.2.100 rate tx 50mbit rx 50mbit
./glorytun path
path UP
status: OK
bind: 192.168.1.100 port 5000
public: xxx.xxx.144.148 port 36085
peer: 195.245.103.245 port 55055
mtu: 1472 bytes
rtt: 88.470 ms
rttvar: 68.228 ms
tx:
rate: 6250000 bytes/sec
loss: 0 percent
total: 156 packets
rx:
rate: 6250000 bytes/sec
loss: 0 percent
total: 107 packets
path UP
status: DEGRADED
bind: 192.168.2.100 port 5000
public: - port 0
peer: 195.245.103.245 port 55055
mtu: 1302 bytes
rtt: 0.000 ms
rttvar: 0.000 ms
tx:
rate: 6250000 bytes/sec
loss: 0 percent
total: 0 packets
rx:
rate: 6250000 bytes/sec
loss: 0 percent
total: 0 packets
I try to ping the server from the tunnel
ping 10.0.1.1
PING 10.0.1.1 (10.0.1.1) 56(84) bytes of data.
64 bytes from 10.0.1.1: icmp_seq=4 ttl=64 time=51.7 ms
64 bytes from 10.0.1.1: icmp_seq=5 ttl=64 time=48.3 ms
64 bytes from 10.0.1.1: icmp_seq=6 ttl=64 time=49.0 ms
and afterwards check the glorytun second path
./glorytun path
path UP
status: OK
bind: 192.168.1.100 port 5000
public: xxx.xxx.144.148 port 15757
peer: 195.245.103.245 port 55055
mtu: 1472 bytes
rtt: 58.416 ms
rttvar: 6.057 ms
tx:
rate: 6250000 bytes/sec
loss: 3 percent
total: 273 packets
rx:
rate: 6250000 bytes/sec
loss: 0 percent
total: 153 packets
path UP
status: OK
bind: 192.168.2.100 port 5000
public: xxx.xxx.156.25 port 3506
peer: 195.245.103.245 port 55055
mtu: 1472 bytes
rtt: 50.682 ms
rttvar: 5.899 ms
tx:
rate: 6250000 bytes/sec
loss: 3 percent
total: 113 packets
rx:
rate: 6250000 bytes/sec
loss: 6 percent
total: 72 packets
both paths are up, but wget and other http/https traffic does not go through, so I try adding "standard commands" for the client with the tunnel:
#remove default route
sudo ip route del default
#add default route with glorytun only
sudo ip route add default via 10.0.1.1 dev tun0
#masquerade local net traffic
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
#enable local traffic route with tunnel
iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
#forward all local traffic (from bridge or lan network interface) to glorytun tunnel
iptables -A FORWARD -i bg0 -o tun0 -j ACCEPT
All works, Adrien, BIG THANKS TO YOU for your work :-)
My client dual isp route configs
1) first, edit the file /etc/iproute2/rt_tables and add these strings:
#
# reserved values
#
#255 local
#254 main
#253 default
#0 unspec
101 isp1 #<---------add this string to file rt_tables
102 isp2 #<---------add this string to file rt_tables
2) second, create the file dual_isp.sh, then chmod +x dual_isp.sh, and run it with ./dual_isp.sh
#!/bin/sh
#script path: /root/dual_isp.sh
#script for dual isp connection (linux, ubuntu, debian)
# LAN interface
IF0="bg0"
# WAN interface 1
IF1="enp6s1"
# WAN interface 2
IF2="enp6s2"
IP1="192.168.1.100"
IP2="192.168.2.100"
# gateway 1
P1="192.168.1.1"
# gateway 2
P2="192.168.2.1"
# LAN netmask
P0_NET="10.10.10.0/24"
# WAN1 netmask
P1_NET="192.168.1.0/24"
# WAN2 netmask
P2_NET="192.168.2.0/24"
TBL1="isp1"
TBL2="isp2"
#or edit file /etc/sysctl.conf and permanently enable ip forward
echo "1" > /proc/sys/net/ipv4/ip_forward
ip route add $P1_NET dev $IF1 src $IP1 table $TBL1 > /dev/null 2>&1
ip route add default via $P1 table $TBL1 > /dev/null 2>&1
ip route add $P2_NET dev $IF2 src $IP2 table $TBL2 > /dev/null 2>&1
ip route add default via $P2 table $TBL2 > /dev/null 2>&1
ip route add $P1_NET dev $IF1 src $IP1 > /dev/null 2>&1
ip route add $P2_NET dev $IF2 src $IP2
ip route add default via $P1 > /dev/null 2>&1
ip rule add from $IP1 table $TBL1 > /dev/null 2>&1
ip rule add from $IP2 table $TBL2 > /dev/null 2>&1
ip route add $P0_NET dev $IF0 table $TBL1 > /dev/null 2>&1
ip route add $P2_NET dev $IF2 table $TBL1 > /dev/null 2>&1
ip route add 127.0.0.0/8 dev lo table $TBL1 > /dev/null 2>&1
ip route add $P0_NET dev $IF0 table $TBL2 > /dev/null 2>&1
ip route add $P1_NET dev $IF1 table $TBL2 > /dev/null 2>&1
ip route add 127.0.0.0/8 dev lo table $TBL2 > /dev/null 2>&1
iptables -t nat -F POSTROUTING
iptables -t nat -A POSTROUTING -s $P0_NET -o $IF1 -j MASQUERADE
iptables -t nat -A POSTROUTING -s $P0_NET -o $IF2 -j MASQUERADE
3) using with system start-up
crontab -e
add this line to the end of the file; sleep 35 waits 35 seconds after system start-up for the isp1 (enp6s1) and isp2 (enp6s2) interfaces to come up and receive an ip (if the dhcp method is used), after that the system runs the dual_isp.sh script, to use both isp connections at the same time..
@reboot sleep 35 && /root/dual_isp.sh >/dev/null 2>&1
Adrien you may add this topic in how-to use glorytun with dual isp :-)
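A check for the glorytun path reports posted above, as an added example that is not part of the thread or of glorytun itself: it prints one line per path and exits non-zero when a path is down, DEGRADED, or above a loss threshold, so it can back a cron or monitoring hook. The names gt_path_report, sample_report and MAX_LOSS are assumptions, and the sample is constructed from the fields shown in the posts.

```shell
#!/bin/sh
# Added example: one summary line per path from `glorytun path` output.
# gt_path_report, sample_report and MAX_LOSS are hypothetical names.
gt_path_report() {
    awk -v max_loss="${MAX_LOSS:-5}" '
    function emit() {
        if (!seen) return
        verdict = "ok"
        if (state != "UP") verdict = "down"
        else if (status != "OK") verdict = "degraded"
        else if (tx + 0 > max_loss + 0 || rx + 0 > max_loss + 0) verdict = "lossy"
        if (verdict != "ok") bad = 1
        printf "%s %s tx_loss=%d rx_loss=%d %s\n", bind, status, tx, rx, verdict
    }
    $1 == "path"    { emit(); seen = 1; state = $2; status = "?"; bind = "?"; tx = rx = 0; dir = "" }
    $1 == "status:" { status = $2 }
    $1 == "bind:"   { bind = $2 }
    $1 == "tx:"     { dir = "tx" }
    $1 == "rx:"     { dir = "rx" }
    $1 == "loss:"   { if (dir == "tx") tx = $2; else if (dir == "rx") rx = $2 }
    END             { emit(); exit bad + 0 }
    '
}

# Constructed sample in the format posted above (only the parsed fields kept).
sample_report() {
    cat <<'EOF'
path UP
status: OK
bind: 192.168.1.100 port 5000
tx:
loss: 3 percent
rx:
loss: 0 percent
path UP
status: DEGRADED
bind: 192.168.2.100 port 5000
tx:
loss: 0 percent
rx:
loss: 0 percent
EOF
}

# On a live client this would be: ./glorytun path | gt_path_report
sample_report | gt_path_report || echo "at least one path needs attention"
```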
Nice 👍 I'll take some time on the wiki after the 0.3 release. But if you have time and energy your contribution on the wiki will be much appreciated as it is editable by everyone :)
Hi
I try to use glorytun with ubuntu 18 LTS x64 on both client & server (195.245.x.x), and still HAVE NO CONNECTION :(
1) my server uses aes, but the client, as I see in the glorytun output, does not want to use aes and uses only chacha20; how may I use the chacha20 "cipher" in the glorytun server configuration? Okay, I tried versions 2.2 and 2.1, same thing.. I compiled and downloaded many pre-compiled versions, none of them worked....
2) tell me please which network interface glorytun needs to bind to on the client; I have six ethernet interfaces, 4 lan dhcp in a bridge, 2 isp (192.168.1.100 and 192.168.2.100), bridge ip 10.10.10.1; do I need to run glorytun on the bridge or on the first isp interface?? please explain
3) I need to use glorytun multi-path, this is the main thing I try to use glorytun for; as you see, I have a multi nic client configuration with dual isp1, isp2 network connections, so tell me please the path command to add multiple paths and control them
P.s. please post the full working configuration for using glorytun with two isp on client and one server, it's very important, your Readme and Wiki are not up to date :-(